FreeBSD : haproxy -- information leak vulnerability (cbfa8bd7-24b6-11e5-86ff-14dae9d210b8)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

HAProxy reports :

A vulnerability was found when HTTP pipelining is used. In some cases,
a client might be able to cause a buffer alignment issue and retrieve
uninitialized memory contents that exhibit data from a past request or
session. I want to address sincere congratulations to Charlie
Smurthwaite of aTech Media for the really detailed traces he provided
which made it possible to find the cause of this bug. Every user of
1.5-dev, 1.5.x or 1.6-dev must upgrade to 1.5.14 or latest 1.6-dev
snapshot to fix this issue, or use the backport of the fix provided by
their operating system vendors. CVE-2015-3281 was assigned to this
bug.

See also :

http://www.haproxy.org/news.html
http://www.nessus.org/u?0ce8527e
http://seclists.org/oss-sec/2015/q3/61
http://www.nessus.org/u?cdb73ccc

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 84601 ()

Bugtraq ID:

CVE ID: CVE-2015-3281

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now